No Security Team? No Problem!

May 25th, 2021

Cybercriminals never rest, and their attacks tend to become more and more sophisticated over time. While the world has changed a great deal in the last year, this unfortunate truth has remained constant.

As we’ve seen, again and again, cyberattacks not only impact large enterprise organizations, but they affect companies of all sizes, many of which can’t afford to build and maintain a security operations center (SOC) to detect and contain cyberattacks around the clock.

Simply put, if you’re business is like many others out there (i.e. limited IT staff and resources and no in-house security team), comprehensive data protection may seem difficult, if not impossible. However, that certainly doesn’t have to be the case. There is a ray of hope for deploying cybersecurity and making significant improvements to their posture for those organizations without security teams.

Start with a cybersecurity assessment

The best place to start is with a comprehensive cybersecurity assessment. There are a lot of different types of assessments, but the three main things you’re looking for is an inventory of the assets and data that are being protected, any weaknesses that exist in your current environment (digital and physical), and your baseline cybersecurity score or “grade,” which will be used to track the improvement on future assessments. A reputable framework like NIST is often used in these assessments, which can be done by consultants, questionnaire-based software tools, or even an Excel spreadsheet.

In addition to a cybersecurity controls review, testing is an integral part of the assessment and will further help to identify weaknesses attackers might try and exploit. You should assess your networks, devices, and web applications using vulnerability scanning tools, which can assist in identifying IT resources with vulnerabilities that your organization should remediate before attackers can use them to deploy an attack. Most scanners produce detailed reports ranking the criticality of vulnerabilities and providing remediation steps and tips.

For a secondary level of testing, ethical hackers can perform penetration testing of your systems using an array of technologies and techniques to attempt to compromise internal and external systems. They will then provide detailed reports of their findings, risk ratings, and recommendations. Did they get to the crown jewels? And if so, how? Now that would be good to know, wouldn’t it!

Go beyond the cybersecurity assessment with testing

Using your assessment results as a benchmark, the next steps in protecting your organization from cybercriminals involves a layered approach to ensure you address new and emerging threats.

For example, email is the attack vector in many initial cyberattacks, with 94 percent of malware delivered to victims by email, according to the Verizon Data Breach Investigations Report. In light of this fact, every data security program should include ongoing employee training on recognizing and avoiding phishing attacks.

A second focus should be on the credentials employees use to access computers and networks. Of the more than 150,000 attacks it investigated, Verizon found that nearly a third involved stolen or improperly used credentials. Evidence has shown that the goal of many cyber breaches is to steal usernames and passwords because once these have been obtained hackers can use them in successful attacks. Thanks in large part to password recycling (using the same password on multiple applications), which is fairly common. This underscores the importance of deploying password management solutions and proactively using solutions that search for compromised credentials being dumped, traded, sold, or shared.

A third consideration is that cybercriminals are constantly attempting to defeat current protection technology deployed on target systems. Recent incidents have shown that attackers are first testing and then successfully enabling their attack methods directly against some of the top endpoint detection systems by designing them to avoid detection and/or disabling them during an attack. Suppose there is only a single layer of endpoint protection in place, something an attacker can work to defeat. In that case, an organization is left needing additional monitoring and detection systems to alert to suspicious activity and indicators of compromise beyond the traditional endpoint detection, which is not often seen in organizations without security teams. 

SOC it to ya

Most large enterprise organizations’ security revolves around the Security Operations Center or “SOC,” which employs advanced technology and cybersecurity experts to perform ongoing testing, scanning, monitoring, and response. An organization can take its cybersecurity beyond traditional blocking and tackling solutions to include continuous assessments, threat hunting, and response with a SOC. 

The unfortunate reality is that most organizations without security teams just don’t have the budget or resources to build a SOC, which can cost $1 million-plus per year for a small center with tools, maintenance, and cybersecurity expertise. 

In response to these constraints, organizations without security teams are moving to outsource SOC functions through managed detection and response (MDR) providers who provide these services at a fraction of the cost of building and managing their own SOC. They also often deliver advanced services like containment, incident response, and remediation.

Find the cybersecurity solution that works for you

Robust cybersecurity is no longer limited to those with deep pockets that can afford advanced tools and teams to automate threat and vulnerability detection, build a comprehensive set of policies to foster secure behaviors, deploy a regular training program, and use a SOC to hunt, detect, and remediate incidents as they occur. With attacks on the rise and targeting organizations of all sizes, maintaining cybersecurity doesn’t have to mean building your own full cybersecurity stack or SOC and hiring an internal team of experts to keep it running 24/7. 

Instead, organizations without security teams can find solutions that combine multiple tools and expertise to provide complete visibility and control of their entire cybersecurity landscape. So how do you turn this concept into reality and implement this type of solution? Our Cybersecurity QuickStart Guide provides key steps you can take to build and maintain a comprehensive cybersecurity program – using straight talk that’s easy to understand. 

Once you have a solution in place, you’ll have everything you need to start assessing and building a program that continuously improves cyber-hygiene, automates vulnerability and threat detection, fosters a robust internal cybersecurity culture, and contains threats before they can cause further damage. 


Want to learn more about how to build out your security program? Check out this BetaNews article by Defendify Co-Founder Rob Simopoulos.